<?php

/**
 * Authenticate CSE users
 *
 * <code>
 * include "/path/to/CSEAuthenticator.php";
 *
 * $username = $_POST['username'];
 * $password = $_POST['password'];
 * 
 * $auth = new CSEAuthenticator("MyAuthToken");
 * 
 * $auth->allowUsers("johndoe", "janesmith");
 * $auth->allowGroups("group1", "group2");
 * $auth->allowCourses("CSCE102", "CSCE103");
 * 
 * if ( $auth->authenticate($username, $password) ) {
 *     print "Success!";
 * }
 * else {
 *     print "Auth failed: " . $auth->getError();
 * }
 * </code>
 */
class CSEAuthenticator {
    private static $_SERVER = "https://cse-apps.unl.edu/cseauth/auth/authenticate";

    private $_authToken;

    private $_users;
    private $_groups;
    private $_courses;

    private $_error;

    public function __construct($authToken) {
        $this->_authToken = $authToken;
        $this->_users = null;
        $this->_groups = null;
        $this->_courses = null;
        $this->_error = null;
    }

    public function allowUsers() {
        $this->_users = func_get_args();
        return $this;
    }

    public function allowGroups() {
        $this->_groups = func_get_args();
        return $this;
    }

    public function allowCourses() {
        $this->_courses = func_get_args();
        return $this;
    }

    public function getError() {
        return $this->_error;
    }

    public function authenticate($username, $password) {
        $handle = curl_init();
        curl_setopt($handle, CURLOPT_FORBID_REUSE, true);
        curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($handle, CURLOPT_FRESH_CONNECT, true);
        curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
        curl_setopt($handle, CURLOPT_TIMEOUT, 5);

        $parameters = sprintf("token=%s&client=%s&username=%s&password=%s", $this->_authToken, $_SERVER['SCRIPT_NAME'], $username, $password);
        if ( is_array($this->_users) ) {
            $parameters .= sprintf("&users=%s", implode(',', $this->_users));
        }
        if ( is_array($this->_groups) ) {
            $parameters .= sprintf("&groups=%s", implode(',', $this->_groups));
        }
        if ( is_array($this->_courses) ) {
            $parameters .= sprintf("&courses=%s", implode(',', $this->_courses));
        }
        curl_setopt($handle, CURLOPT_URL, sprintf("%s?%s", static::$_SERVER, $parameters));

        $response = curl_exec($handle);
        if ( $response !== false ) {
            $responseCode = curl_getinfo($handle, CURLINFO_HTTP_CODE);
            if ( $responseCode == 200 ) {
                curl_close($handle);
                return true;
            }
            else if ( $responseCode == 401 ) {
                $this->_error = $response;
            }
            else if ( $responseCode == 403 ) {
                $this->_error = $response;
            }
            else {
                print $responseCode;
                $this->_error = "Unknown error";
            }
        }
        else {
            $this->_error = "Communication error";
        }

        curl_close($handle);
        return false;
    }
}

?>
